FISMA 2016 Executive Summary
The State of Federal Cybersecurity
In 2016, cybersecurity continued to become a household term among the American public, as millions of citizens had their personal data and devices exposed to ever expanding cyber threats. During the year, malicious actors compromised several social media and email services, leading to the exposure of personal data for a large portion of their user bases. In October 2016, a distributed denial of service attack used seemingly innocuous internet-connected devices to cripple servers that connect the public to many popular websites. The exploits that led to these cyber incidents were not new, and demonstrate that we must redouble our efforts to inform Americans and companies across the country of methods that they can employ to protect their data from malicious actors.
Office of Management and Budget
The Office of Management and Budget (OMB) worked with agencies to develop policies aimed at strengthening cybersecurity across the government, including a revision to OMB Circular A-130, Managing Information as a Strategic Resource, which sets the overarching framework for managing Federal IT resources. OMB also collaborated with the Office of Personnel Management (OPM) to publish the first-ever Federal Cybersecurity Workforce Strategy to help agencies recruit and retain top cyber talent. OMB and its interagency partners look to build on these policies and continue driving cybersecurity performance in the coming years.
Federal Agencies were Not Immune
Federal agencies were not immune to these exploits in 2016, with over 30,899 cyber incidents that led to the compromise of information or system functionality. Sixteen of these incidents met the threshold for a major incident, a designation that triggers a series of mandatory steps for agencies, including reporting certain information to Congress.
During the year, Federal agencies made considerable progress in strengthening their defenses and enhancing their workforces to combat cyber threats. In particular, agencies worked to enforce the use of multi-factor Personal Identity Verification (PIV) cards, with 81% of government users now using this credential to access Federal networks. Additionally, over 70% of Federal agencies have employed strong antiphishing and malware capabilities to help safeguard their networks from malicious activity. Agencies have also made significant progress toward safeguarding their high value information technology (IT) assets and employing capabilities to identify, detect, and protect hardware and software assets on their networks.
Agency FISMA Progress
This annual report provides Congress with information on agencies’ progress towards meeting cybersecurity performance goals in Fiscal Year (FY) 2016 and the results of the independent Inspectors General (IGs) assessments that identify areas in need of improvement. This report also provides information on Federal cybersecurity incidents, ongoing efforts to mitigate and prevent future incidents, and agencies’ progress in implementing cybersecurity policies and programs to protect their systems, networks, and data.